Major Systems Installed on Commercial Ships – Detailed Functionality, Risks, and Risk Management

Commercial Ship Systems Explained: Functions, OT Cyber Risks, and Risk Management Guide

A practical breakdown of 15 major onboard systems across Navigation, Power, Safety, Cargo, and Communications — with cyber threat analysis and mitigation for each

Captain Ethan
Maritime 4.0 · AI, Data & Cyber Security  ·  linkedin.com/in/shipjobs

Commercial ships — container vessels, bulk carriers, oil tankers, LNG carriers, and car carriers — are floating platforms of interconnected digital and mechanical systems. As vessels become increasingly connected through Starlink, IoT sensors, and cloud-based monitoring, the boundary between IT and OT has blurred. Understanding how each onboard system works, what can go wrong, and how to defend it has become a core competency for maritime engineers, cyber officers, and operators alike.

Key Terms
OT — Operational Technology (navigation, engine, cargo control systems)
IT — Information Technology (crew internet, business systems)
CBS — Computer-Based System (any digital onboard system per IACS UR E27)
DP — Dynamic Positioning System
ECDIS — Electronic Chart Display and Information System
PMS — Power Management System
IAS — Integrated Automation System
BWTS — Ballast Water Treatment System
EGCS — Exhaust Gas Cleaning System (Scrubber)
GMDSS — Global Maritime Distress and Safety System
AIS — Automatic Identification System
IDS — Intrusion Detection System

Section Ⅰ — Navigation & Control Systems

Steering · Propulsion · Dynamic Positioning · ECDIS
[Figure: Commercial Ship Major Systems]

Navigation and control systems are the most safety-critical onboard systems — and increasingly, the most targeted by cyber threat actors seeking to manipulate vessel position or course.

1.1 Steering System SOLAS Ch. II-1
⚙️ How It Works
Rudder controlled by hydraulic or electric actuator. Responds to helm commands or autopilot. Rudder angle feedback loops maintain heading.
⚠️ Potential Risks
Hydraulic failure → loss of steering. Electrical faults → system malfunction. Cyber threat: unauthorized remote control of steering actuators.
🛡️ Risk Management
Redundant hydraulic circuits. Emergency manual override (SOLAS req.). Cybersecurity controls for remote/autonomous steering CBS per IACS UR E27.
1.2 Propulsion System MARPOL · SOLAS
⚙️ How It Works
Main engine drives propeller via shaft. Modern alternatives: LNG, hybrid, and electric propulsion systems for reduced emissions.
⚠️ Potential Risks
Engine overheating or failure → immobilization. Shaft misalignment → efficiency loss. Fuel contamination → engine issues.
🛡️ Risk Management
Condition-based maintenance (CBM). Fuel quality monitoring and filtration. Emergency towing arrangements for propulsion loss scenarios.
1.3 Dynamic Positioning System (DP) IMO MSC/Circ.645
⚙️ How It Works
Uses thrusters, GPS, and motion sensors to maintain fixed position without anchoring. Essential for LNG carriers during STS transfers.
⚠️ Potential Risks
GPS spoofing → unintended vessel drift. Power failure → DP shutdown. Sensor failure → position loss during critical operations.
🛡️ Risk Management
Dual GPS and independent sensor backups. Emergency power redundancy. Anti-spoofing GNSS receivers for cyber-resilient positioning.
1.4 ECDIS — Electronic Chart Display and Information System SOLAS Ch. V · IHO S-57/S-101
⚙️ How It Works
Displays digital ENC (Electronic Navigational Chart) overlaid with real-time GPS position. Integrates AIS, radar, and weather data. Mandated by SOLAS as paper chart replacement.
⚠️ Potential Risks
Outdated ENC → chart data discrepancy with actual seabed. GNSS spoofing → false position display. Software vulnerabilities → unauthorized chart manipulation via network.
🛡️ Risk Management
Regular ENC updates via authorized distributors. Dual ECDIS per SOLAS. Network isolation from crew IT networks. IACS UR E27 CBS documentation required for type-approved ECDIS.

Section Ⅱ — Power & Energy Management Systems

PMS · Switchboard · IAS — Generate, distribute, and automate vessel power
2.1 Power Management System (PMS) SOLAS Ch. II-1 · IACS UR E10
⚙️ How It Works
Automatically controls generator start/stop based on power demand. Balances load between main and auxiliary generators to prevent blackout.
⚠️ Potential Risks
Overload or short circuit → electrical blackout. Generator sync failure → power instability. Cyber manipulation of PMS → intentional blackout at sea.
🛡️ Risk Management
Load-sharing algorithms and emergency generator backup. Automatic voltage regulation (AVR). OT network isolation for PMS CBS per IACS UR E27.
2.2 Main Switchboard System IACS UR E10
⚙️ How It Works
Distributes electrical power from generators to all onboard loads. Circuit breakers protect against overcurrent. Bus-tie arrangements provide redundancy.
⚠️ Potential Risks
Short circuits or arc flash → electrical fires. Faulty insulation → electrocution hazards. Unauthorized access to the switchboard control interface.
🛡️ Risk Management
Arc flash protection, insulation resistance monitoring, and scheduled circuit breaker maintenance. Physical access control to switchboard room.
2.3 Integrated Automation System (IAS) IACS UR E27 CBS
⚙️ How It Works
Central monitoring and control of all ship machinery from bridge or ECR. Connects PMS, main engine, auxiliary systems, ballast, and alarms into one integrated OT network.
⚠️ Potential Risks
Single point of failure if central IAS is compromised. Cyberattack can alter engine parameters remotely. Lateral movement from IT network into IAS OT network.
🛡️ Risk Management
Redundant IAS servers. IT/OT network segmentation (VLAN/firewall). Manual override capability for all critical functions. IACS UR E27 full CBS documentation required.

Section Ⅲ — Safety & Security Systems

Fire Detection · Cybersecurity Monitoring — Protect crew, vessel, and cargo
3.1 Fire Detection & Firefighting System SOLAS Ch. II-2 · FSS Code
⚙️ How It Works
Smoke and heat detectors trigger alarms. Automatic or manual activation of water mist, CO₂, or foam-based suppression in designated spaces.
⚠️ Potential Risks
False alarms or sensor failures → delayed response. Inadequate suppression agent for cargo type. Network-connected fire panels exposed to cyber interference.
🛡️ Risk Management
Redundant sensor arrays and periodic fire drills (SOLAS). Regular suppression system inspection. Physical isolation of fire control panels from vessel network.
3.2 Cybersecurity Monitoring & Protection System IACS UR E26/E27 · IMO MSC-FAL.1
⚙️ How It Works
Firewalls, IDS/IPS, and encryption protect IT and OT networks. Monitors for unauthorized access to ship control networks. Logs and alerts on anomalous behavior.
⚠️ Potential Risks
Ransomware → system manipulation and operational halt. Unpatched vulnerabilities → unauthorized control of navigation and propulsion OT systems.
🛡️ Risk Management
Regular security patches and network segmentation. MFA and Zero Trust access controls. A designated Cyber Officer role and crew training, in line with the integration of cyber risk management into the ISM Code from 2021.

Section Ⅳ — Cargo & Environmental Systems

CMS · BWTS · EGCS — Handle cargo and meet environmental regulations
4.1 Cargo Management System (CMS) SOLAS Ch. VI · IMSBC Code
⚙️ How It Works
Sensors monitor cargo holds for temperature, pressure, and humidity. Automates loading/unloading for tankers, container ships, and bulk carriers.
⚠️ Potential Risks
Cargo misloading → stability issues or structural stress. Sensor malfunction → incorrect monitoring data. Falsified cargo data via cyber manipulation.
🛡️ Risk Management
Redundant sensor arrays and periodic calibration. Loading simulation software to predict stress distribution. Data integrity protection for cargo CBS networks.
4.2 Ballast Water Treatment System (BWTS) BWM Convention 2004 · IMO D-2
⚙️ How It Works
Treats ballast water using UV irradiation, filtration, or electrochlorination before discharge. Prevents transport of invasive marine species between ocean regions.
⚠️ Potential Risks
Insufficient disinfection → IMO D-2 non-compliance and port detention. Filter clogging → system bypass. Sensor data falsification to pass PSC inspections.
🛡️ Risk Management
Periodic system flushing and filter maintenance. Real-time ballast water quality monitoring. BWTS treatment log integrity verification for PSC compliance.
4.3 Exhaust Gas Cleaning System (EGCS / Scrubber) MARPOL Annex VI · IMO 2020
⚙️ How It Works
Removes SOx from engine exhaust using seawater or freshwater scrubbing. An alternative IMO 2020 compliance pathway to burning low-sulphur fuel oil (LSFO). Hybrid systems switch between open-loop and closed-loop operation.
⚠️ Potential Risks
Washwater discharge violations in EGCS-prohibited ports. Sensor failure → non-compliance and PSC detention. Port bans on open-loop EGCS (Singapore, China, EU ports).
🛡️ Risk Management
Regular SOx analyzer calibration. Monitoring of port entry restrictions for EGCS mode. Continuous washwater pH/PAH logging for PSC inspection readiness.
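One way to make the treatment-log integrity check in 4.2 and the washwater logging in 4.3 tamper-evident, shown as an added example that is not part of the original article or of any vendor's product. The record fields, the key handling and the idea of reporting the latest tag ashore as an anchor are assumptions made for the illustration.

```python
import hashlib, hmac, json

GENESIS = b"\x00" * 32  # fixed starting value for the chain

def _tag(key, prev, rec):
    """HMAC-SHA256 over the previous tag plus the canonical JSON of the record."""
    body = json.dumps(rec, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, prev + body, hashlib.sha256).digest()

def seal(records, key):
    """Return copies of the records, each carrying a tag chained to its predecessor."""
    prev, out = GENESIS, []
    for rec in records:
        prev = _tag(key, prev, rec)
        out.append({**rec, "tag": prev.hex()})
    return out

def verify(sealed, key, anchor_hex):
    """None if intact; otherwise the index of the first bad record.
    An index equal to len(sealed) means every record verifies but the chain
    ends before the anchored tag, i.e. records were removed from the tail."""
    prev = GENESIS
    for i, entry in enumerate(sealed):
        rec = {k: v for k, v in entry.items() if k != "tag"}
        prev = _tag(key, prev, rec)
        if not hmac.compare_digest(prev.hex(), str(entry.get("tag", ""))):
            return i
    return None if hmac.compare_digest(prev.hex(), anchor_hex) else len(sealed)

def demo():
    """Constructed washwater records; field names and values are illustrative."""
    key = b"constructed-demo-key"  # assumption: real key is held off the logging host
    log = seal([
        {"ts": "2025-01-01T00:00Z", "mode": "open", "ph": 6.9, "pah_ugl": 12.0},
        {"ts": "2025-01-01T00:10Z", "mode": "open", "ph": 6.1, "pah_ugl": 31.5},
        {"ts": "2025-01-01T00:20Z", "mode": "closed", "ph": 6.8, "pah_ugl": 11.2},
    ], key)
    anchor = log[-1]["tag"]  # assumption: latest tag is also reported ashore
    edited = [dict(e) for e in log]
    edited[1]["ph"] = 6.9                      # value changed after the fact
    dropped = log[:1] + log[2:]                # a record deleted from the middle
    truncated = log[:-1]                       # the newest record removed
    return [verify(x, key, anchor) for x in (log, edited, dropped, truncated)]
```

The chain only helps if the key and the anchored tag live somewhere the logging host cannot rewrite; anyone holding the key on the same machine can re-seal an altered log.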

Section Ⅴ — Communication, Monitoring & Crew Welfare Systems

GMDSS · AIS · Crew Management · HVAC — Connect, track, and support crew
5.1 GMDSS — Global Maritime Distress and Safety System SOLAS Ch. IV · ITU Radio Regs
⚙️ How It Works
International radio communication system for SAR coordination. Includes VHF/MF/HF radio, EPIRB (406 MHz), SART, and Inmarsat terminal. Mandatory for SOLAS vessels.
⚠️ Potential Risks
Equipment failure during emergencies. Battery backup failure for EPIRB. Cyberattack disrupting distress communications or triggering false MAYDAY signals.
🛡️ Risk Management
Regular GMDSS equipment testing per SOLAS. Battery maintenance schedule. Redundant communication paths (Inmarsat + Iridium). Physical security for radio room.
5.2 AIS — Automatic Identification System SOLAS Ch. V · ITU-R M.1371
⚙️ How It Works
VHF transponder broadcasts vessel ID, position, speed, and course every 2–10 seconds. Received by other vessels and VTS. Mandatory for vessels over 300 GT on international voyages.
⚠️ Potential Risks
AIS spoofing creates false targets or hides real vessels. GPS manipulation → incorrect position broadcast. AIS data is unencrypted and unauthenticated by design.
🛡️ Risk Management
Cross-check AIS with independent radar tracking. AIS anomaly detection systems at VTS. Authentication standards under development by ITU/IMO. Crew training on AIS spoofing indicators.
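The radar cross-check described above can be automated as a simple correlation between AIS-reported positions and radar echoes. This is an added example, not code from the article or from any bridge system; the 500 m association gate, the 22 km radar range, the MMSI values and the scenario are constructed assumptions.

```python
import math

EARTH_R_M = 6_371_000.0

def haversine_m(lat1, lon1, lat2, lon2):
    """Great-circle distance in metres between two points given in degrees."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    a = (math.sin((p2 - p1) / 2) ** 2
         + math.cos(p1) * math.cos(p2) * math.sin(math.radians(lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_R_M * math.asin(math.sqrt(a))

def radar_to_latlon(own, range_m, bearing_deg):
    """Project a radar contact (range, true bearing) from own ship to lat/lon.
    Flat-earth approximation, adequate at radar ranges."""
    b = math.radians(bearing_deg)
    dlat = range_m * math.cos(b) / EARTH_R_M
    dlon = range_m * math.sin(b) / (EARTH_R_M * math.cos(math.radians(own[0])))
    return own[0] + math.degrees(dlat), own[1] + math.degrees(dlon)

def cross_check(own, ais_targets, radar_contacts, gate_m=500.0, radar_range_m=22_000.0):
    """Return (AIS targets with no radar echo, radar contacts with no AIS report)."""
    contacts = [radar_to_latlon(own, r, b) for r, b in radar_contacts]
    matched, unconfirmed = set(), []
    for mmsi, lat, lon in ais_targets:
        if haversine_m(own[0], own[1], lat, lon) > radar_range_m:
            continue  # outside radar coverage: can be neither confirmed nor refuted
        dist, idx = min(((haversine_m(lat, lon, *c), i) for i, c in enumerate(contacts)),
                        default=(math.inf, None))
        if dist <= gate_m:
            matched.add(idx)
        else:
            unconfirmed.append(mmsi)  # broadcast position has no physical echo
    silent = [i for i in range(len(contacts)) if i not in matched]
    return unconfirmed, silent

def demo():
    """Constructed scenario: own ship, two radar echoes, three AIS reports."""
    own = (35.0, 129.0)
    radar = [(3000.0, 45.0), (5000.0, 180.0)]               # (range m, true bearing deg)
    ais = [
        (999000001, *radar_to_latlon(own, 3050.0, 45.5)),   # agrees with echo 0
        (999000002, *radar_to_latlon(own, 4000.0, 270.0)),  # no echo anywhere near
        (999000003, *radar_to_latlon(own, 40000.0, 90.0)),  # beyond radar range
    ]
    return cross_check(own, ais, radar)

if __name__ == "__main__":
    print(demo())
```

An unconfirmed AIS target is a prompt for the watch officer to look closer, not proof of spoofing: small craft, sea clutter and radar shadow sectors also produce AIS reports without an echo.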
5.3 Crew Management System MLC 2006 · STCW
⚙️ How It Works
Tracks crew schedules, working hours, rest periods, and certification compliance with ILO and STCW labor standards. Integrates payroll and HR functions.
⚠️ Potential Risks
Data breaches → compromised personal crew information. Incorrect scheduling → fatigue-related accidents. PII exposure to port state authorities via insecure transmission.
🛡️ Risk Management
Encrypted data storage and biometric authentication. Automated fatigue monitoring and shift scheduling. GDPR-compliant data handling for EU port calls.
5.4 HVAC System (Heating, Ventilation & Air Conditioning) SOLAS Ch. II-2
⚙️ How It Works
Regulates temperature, humidity, and air quality in crew accommodation, bridge, and cargo spaces. Refrigerant-based cooling for LNG carrier cargo containment systems.
⚠️ Potential Risks
Ventilation failure → poor air quality and mold risk. Refrigerant leaks → health hazards. Smart HVAC connected to ship network may be an OT attack entry point.
🛡️ Risk Management
CO₂ sensor-based air quality monitoring. Preventive maintenance and refrigerant leak detection. Network isolation of smart HVAC controllers from critical OT systems.
⚓ Captain's Take

A commercial ship is no longer just a mechanical vessel — it is a floating OT network. Every system described above now has a digital control interface, and every digital interface is a potential attack surface. The maritime industry's cybersecurity challenge is not theoretical: the Maersk, COSCO, and CMA CGM incidents already demonstrated what happens when these systems are compromised. Understanding what each system does is the first step toward defending it.

Navigation systems (Steering, DP, ECDIS) are the highest-value cyber targets — a compromised vessel position or course can cause collisions, groundings, or enable hijacking far from shore.
The IAS is the single most dangerous OT attack target — it bridges PMS, main engine, and auxiliary systems. A compromised IAS can trigger a blackout, propulsion loss, or false alarms simultaneously.
Environmental systems (BWTS, EGCS) are increasingly becoming compliance and data integrity risks — falsified treatment logs can result in port detention and million-dollar fines under MARPOL.
AIS spoofing is perhaps the most underestimated threat — it is technically trivial to execute, and the maritime community has yet to deploy authenticated AIS at scale. Until then, cross-checking with radar remains essential.
📚 Related Standards & References
1. IACS UR E27 — Cyber Resilience of On-board Systems and Equipment
   IACS · 2022 · Mandatory for newbuilds contracted from July 2024 · iacs.org.uk
2. IMO MSC-FAL.1/Circ.3 — Guidelines on Maritime Cyber Risk Management
   IMO · 2017 · Integrated into ISM Code from January 2021 · imo.org
3. IMO Ballast Water Management Convention — D-2 Standard
   IMO · Entry into force 2017 · imo.org
4. BIMCO Guidelines on Cyber Security Onboard Ships (v4)
   BIMCO / ICS / INTERCARGO / INTERTANKO · 2020 · bimco.org
5. MARPOL Annex VI — Prevention of Air Pollution from Ships (IMO 2020 SOx Cap)
   IMO · 0.5% global sulphur cap effective January 2020 · imo.org
Captain Ethan · In Sung Lee
Maritime 4.0 · AI, Data & Cyber Security
Collaborators: Lew, Julius, Jin, Morgan, Yeon
shippauljobs.com
